Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Annoying wmpscfgs.exe


  • Please log in to reply
1 reply to this topic

#1 kurosaba

kurosaba

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:59 PM

Posted 07 April 2010 - 12:15 AM

Hello,

About two weeks ago I was at a forum, and apparently the forum was attacked and I got a trojan on my computer. For a bit it was Windows Defender Pro, which I had a hard time uninstalling and getting rid of, since it killed my browser, my AVG scanner, and Malware Bytes. and had constant pop ups and such.

I did get rid of that using Malwarebytes; however, I am recently experiencing a recurring file trying to execute. It is wmpscfgs.exe.

I have tried many many times to have this thing deleted from my system but it keeps coming back. It is present in my Users/Local/Temp folder, in my Program Files(x86)/Internet Explorer folder, and C:/Windows folder.

It keeps coming back and I think that it is also responsible for random audio advertisements in my PC background.

I am running Windows Vista Home Premium 64-bit.

Please let me know what other information you would like.

BC AdBot (Login to Remove)

 


#2 raleighrealtor

raleighrealtor

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:02:59 PM

Posted 07 April 2010 - 06:18 AM

You still having the problem with the above? If so, here's how I "solved" the problem. Because this thing keeps coming back to life after a reboot, there is obviously something in startup that's creating the executables. Here's what I did to get rid of this big nasty:

(I have Windows 7)

go to Start . . . select . . . in the search field type msconfig. This will open a System Configuration window. Select the Startup tab. This will reveal everything that loads when you boot. Drag and expand the Command field so you see the path of all the startup programs. (They will all be executables.) Here comes the hard part. You will have to go to the folder of every startup program and look for two almost identical executables. The only difference you will see between the two is a space between the file description and the dot before the exe. Example: sttray64 .exe and sttray64.exe. The sttray64 .exe is the original (and legit). What the virus did was rename the original by adding a space and then created a new executable with the original name. You will also notice a difference in the icons of both executables. The icon associated with the sstray64 .exe is the proper icon. The other icon is associated with the virus created executable. Shred every virally created executable with CWShredder (go to cnet downloads for the freebie) and rename the altered (original) executable by just removing the space. This is the labor intensive part but it must be done.

After you have done all that, scan you computer with Malwarebytes . . . you should get a clean scan. If not, go back to the above to see if you missed anything. I did this the day before and have not had one issue since. My assumption is that the bugger is gone (crossed fingers). By the way, another BleepingComputer viewer had the same problem, and he told me that he used my method and that the problem was fixed. Hope this helps you.

Good luck


Don Meriweather

guitarxy@gmail.com




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users